
Command Reference

OceanStor 2800 V3 V300R006

This document is applicable to OceanStor 2800 V3. Based on the CLI provided by the DeviceManager, this document describes how to use various commands classified by functions and how to set the CLI and manage the storage system through these commands. The document that you browse online matches the latest C version of the product. Click Download to download documents of other C versions.

change domain ldap_config

Function

The change domain ldap_config command is used to modify the LDAP domain authentication configuration.

Format

change domain ldap_config server_ip_list=? transfer_type=? base_dn=? password_hash=? port=? [ [ user_suffix=? ] | [ group_suffix=? ] | [ shadow_suffix=? ] | [ bind_dn=? bind_password=? ] | [ timelimit=? ] | [ bind_timelimit=? ] | [ idle_timelimit=? ] | [ netgroup_dn=? ] | [ bind_level=? ] | [ user_search_scope=? ] | [ group_search_scope=? ] | [ netgroup_search_scope=? ] | [ bind_using_ad_credentials=? ] ] *

Parameters

Parameter

Description

Value

server_ip_list=?

IP address or host name of the LDAP server.

IP address: A maximum of three IP addresses (IPv4 or IPv6 addresses) are supported. Use commas (,) to separate IP addresses. Host name:

  • Contains 1 to 255 letters, digits, hyphens (-), periods (.), and underscores (_).
  • Must start with a letter or digit and cannot end with a hyphen (-) or underscore (_).
  • Cannot contain consecutive periods (.), consist only of digits, or contain the combination of a period and underscore (._ or _.).

transfer_type=?

LDAP encryption algorithm.

Possible values are "LDAP" and "LDAPS", where:

  • "LDAPS": The SSL encryption algorithm is enabled.
  • "LDAP": The SSL encryption algorithm is disabled.
NOTE:

To ensure secure data transmission, you are advised to use Secure Sockets Layer (SSL) encryption. Before selecting the LDAPS protocol, use the "import certificate" command to import the CA certificate file for the LDAP domain server.

base_dn=?

Base distinguished name (DN) of the LDAP directory, that is, the root directory of the LDAP server.

The value is in the format of "cn=?, ou=?, dc=?" and consists of 1 to 1024 characters.

password_hash=?

Password encryption method.

Possible values are "clear", "md5", and "crypt", where:

  • "clear": clear encryption.
  • "md5": md5 encryption.
  • "crypt": crypt encryption.
NOTE:

Because clear and md5 are unsafe for secure data transmission, you are advised to use crypt encryption.

port=?

LDAP listening port.

The value is an integer ranging from 1 to 65,535. The default LDAP port is 389; LDAPS typically uses 636.

user_suffix=?

Filter criteria for querying users. If this parameter is not configured, the querying starts from the root directory.

The value is in the format of "cn=?, ou=?, dc=?" and consists of 1 to 1024 characters.

group_suffix=?

Filter criteria for querying groups. If this parameter is not configured, the querying starts from the root directory.

The value is in the format of "cn=?, ou=?, dc=?" and consists of 1 to 1024 characters.

shadow_suffix=?

Filter criteria for querying passwords. If this parameter is not configured, the querying starts from the root directory.

The value is in the format of "cn=?, ou=?, dc=?" and consists of 1 to 1024 characters.

bind_dn=?

DN bound with an LDAP server. If anonymous binding is not available for an LDAP server, you must bind DNs before you can retrieve the information on users or user groups.

The value is in the format of "cn=?, ou=?, dc=?" and consists of 1 to 1024 characters.

bind_password=?

Password for login. The password must be the same as that for logging in to the LDAP server.

The value consists of 1 to 63 characters.

timelimit=?

Timeout threshold of waiting for a response to an LDAP query request.

The value is an integer ranging from 0 to 2,147,483,647.

NOTE:

"0" indicates no timeout limit.

bind_timelimit=?

Timeout threshold of setting up connections between a client and server.

The value is an integer ranging from 1 to 2,147,483,647.

idle_timelimit=?

Timeout threshold of client connections when the LDAP connection is idle.

The value is an integer ranging from 0 to 2,147,483,647.

NOTE:

A value of 0 means no timeout limit.

netgroup_dn=?

Filter criteria for querying netgroups. If this parameter is not configured, the querying starts from the root directory.

The value is in the format of "cn=?, ou=?, dc=?" and consists of 1 to 1024 characters.

bind_level=?

Way of binding the storage array with the LDAP server.

The value can be "simple" or "SASL", where:

  • "simple": simple authentication method.
  • "SASL": SASL authentication method.

user_search_scope=?

Range for querying the user.

The value can be "subtree", "onelevel", or "base", where:

  • "subtree": queries all items at all levels, including the specified basic DN.
  • "onelevel": queries all items at the next level of the basic DN.
  • "base": only queries items under the basic DN.

group_search_scope=?

Range for querying the group.

The value can be "subtree", "onelevel", or "base", where:

  • "subtree": queries all items at all levels, including the specified basic DN.
  • "onelevel": queries all items at the next level of the basic DN.
  • "base": only queries items under the basic DN.

netgroup_search_scope=?

Range for querying the netgroup.

The value can be "subtree", "onelevel", or "base", where:

  • "subtree": queries all items at all levels, including the specified basic DN.
  • "onelevel": queries all items at the next level of the basic DN.
  • "base": only queries items under the basic DN.

bind_using_ad_credentials=?

Whether to use the AD domain account to bind.

The value can be "true" or "false", where:

  • "true": use the AD domain account to bind.
  • "false": do not use the AD domain account to bind.

Level

Administrator

Usage Guidelines

  • If parameter "bind_dn" is specified, parameter "bind_password" is required.
  • When parameters "bind_dn" and "bind_level" are not specified and the value of "bind_using_ad_credentials" is "false", use the anonymous method to connect to the LDAP server.

Example

  • Query LDAP domain authentication configurations before the modification.
    admin:/>show domain ldap 
    IP Address List :  
    Base DN         : 
    Port            :  
    Password Hash : --  
    Transfer Type : -- 
    User Suffix     : 
    Group Suffix : 
    Shadow Suffix :  
    Timelimit       : 3 
    Bind Timelimit  : 3 
    Idle Timelimit  : 30 
    Bind DN         : 
    Netgroup DN : 
    Bind Using the AD Credentials: True 
    User Search Scope: Subtree 
    Group Search Scope: Subtree 
    Netgroup Search Scope: Subtree 
    Bind Authentication Level: Simple
  • Modify the LDAPS domain authentication configuration.
    admin:/>change domain ldap_config server_ip_list=10.40.25.8 transfer_type=LDAPS base_dn=dc=huawei,dc=com password_hash=md5 port=636 group_suffix=dc=huawei,dc=com shadow_suffix=dc=huawei,dc=com user_suffix=dc=huawei,dc=com bind_dn=cn=root,dc=huawei,dc=com bind_password=********* netgroup_dn=dc=huawei,dc=com bind_level=simple user_search_scope=subtree group_search_scope=subtree netgroup_search_scope=subtree bind_using_ad_credentials=true 
    Command executed successfully.
  • Query the LDAPS domain authentication configuration after the modification.
    admin:/>show domain ldap 
    IP Address List : 10.40.25.8 
    Base DN         : dc=huawei,dc=com  
    Port            : 636  
    Password Hash : Md5  
    Transfer Type : LDAPS  
    User Suffix     : dc=huawei,dc=com  
    Group Suffix : dc=huawei,dc=com  
    Shadow Suffix : dc=huawei,dc=com 
    Timelimit       : 3 
    Bind Timelimit  : 3  
    Idle Timelimit  : 30 
    Bind DN         : cn=root,dc=huawei,dc=com 
    Netgroup DN : 
    Bind Using the AD Credentials: True 
    User Search Scope: Subtree 
    Group Search Scope: Subtree 
    Netgroup Search Scope: Subtree 
    Bind Authentication Level: Simple
  • Modify the LDAP domain authentication configuration.
    admin:/>change domain ldap_config server_ip_list=10.40.25.8 transfer_type=LDAP base_dn=dc=huawei,dc=com password_hash=md5 port=389 group_suffix=dc=huawei,dc=com shadow_suffix=dc=huawei,dc=com user_suffix=dc=huawei,dc=com bind_dn=cn=root,dc=huawei,dc=com bind_password=********* netgroup_dn=dc=huawei,dc=com bind_level=simple user_search_scope=subtree group_search_scope=subtree netgroup_search_scope=subtree bind_using_ad_credentials=true 
    Command executed successfully.
    Command executed successfully.
  • Query the LDAP domain authentication configuration.
    admin:/>show domain ldap 
    IP Address List : 10.40.25.8  
    Base DN         : dc=huawei,dc=com  
    Port            : 389 
    Password Hash : Md5  
    Transfer Type : LDAP 
    User Suffix     : dc=huawei,dc=com  
    Group Suffix : dc=huawei,dc=com  
    Shadow Suffix : dc=huawei,dc=com 
    Timelimit       : 3 
    Bind Timelimit  : 3  
    Idle Timelimit  : 30 
    Bind DN         : cn=root,dc=huawei,dc=com 
    Netgroup DN : 
    Bind Using the AD Credentials: True 
    User Search Scope: Subtree 
    Group Search Scope: Subtree 
    Netgroup Search Scope: Subtree 
    Bind Authentication Level: Simple
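
A pre-change check of a "change domain ldap_config" command line against the parameter notes and usage guidelines above. This is an added example, not part of the original document or of the product's tooling; the names parse_args and audit are hypothetical, comparing values case-insensitively is an assumption, and the second sample command (192.0.2.10, dc=example,dc=com) is constructed.

```python
PREFIX = "change domain ldap_config"
REQUIRED = ("server_ip_list", "transfer_type", "base_dn", "password_hash", "port")

def parse_args(cmdline):
    """Return {parameter: value}. Values such as base_dn=dc=huawei,dc=com
    contain '=' themselves, so each token is split on its first '=' only."""
    cmdline = cmdline.strip()
    if not cmdline.startswith(PREFIX):
        raise ValueError("not a 'change domain ldap_config' command")
    return dict(tok.split("=", 1) for tok in cmdline[len(PREFIX):].split() if "=" in tok)

def audit(cmdline):
    """List findings drawn from the parameter table and usage guidelines."""
    args = parse_args(cmdline)
    findings = [f"missing required parameter {name}" for name in REQUIRED if name not in args]
    # Assumption: the CLI treats these values case-insensitively.
    if args.get("transfer_type", "").upper() == "LDAP":
        findings.append("transfer_type=LDAP disables SSL; LDAPS is advised")
    if args.get("password_hash", "").lower() in ("clear", "md5"):
        findings.append(f"password_hash={args['password_hash']} is unsafe; crypt is advised")
    port = args.get("port", "")
    if port and not (port.isdigit() and 1 <= int(port) <= 65535):
        findings.append("port must be an integer from 1 to 65535")
    if "bind_dn" in args and "bind_password" not in args:
        findings.append("bind_dn is specified, so bind_password is required")
    if ("bind_dn" not in args and "bind_level" not in args
            and args.get("bind_using_ad_credentials", "").lower() == "false"):
        findings.append("no bind_dn or bind_level and AD credentials off: anonymous bind")
    return findings

# The LDAP example from this page, password masked as on the page.
PAGE_LDAP_EXAMPLE = (
    "change domain ldap_config server_ip_list=10.40.25.8 transfer_type=LDAP "
    "base_dn=dc=huawei,dc=com password_hash=md5 port=389 group_suffix=dc=huawei,dc=com "
    "shadow_suffix=dc=huawei,dc=com user_suffix=dc=huawei,dc=com "
    "bind_dn=cn=root,dc=huawei,dc=com bind_password=********* netgroup_dn=dc=huawei,dc=com "
    "bind_level=simple user_search_scope=subtree group_search_scope=subtree "
    "netgroup_search_scope=subtree bind_using_ad_credentials=true")
# Constructed sample: encrypted transport and crypt, but nothing to bind with.
CONSTRUCTED_ANONYMOUS = (
    "change domain ldap_config server_ip_list=192.0.2.10 transfer_type=LDAPS "
    "base_dn=dc=example,dc=com password_hash=crypt port=636 bind_using_ad_credentials=false")

if __name__ == "__main__":
    for finding in audit(PAGE_LDAP_EXAMPLE) + audit(CONSTRUCTED_ANONYMOUS):
        print(finding)
```
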

System Response

None

Updated: 2019-07-12

Document ID: EDOC1000138382
